312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 701:

    The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. (Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

      Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
      Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
      Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
      Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
      Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
      Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
      Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
      Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
      Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
      Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
      Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
      Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
      Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
      Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
      Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

    From the options given below choose the one which best interprets the following entry:

      Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

    A. An IDS evasion technique
    B. A buffer overflow attempt
    C. A DNS zone transfer
    D. Data being retrieved from 63.226.81.13

  • Question 702:

    Joshua is analyzing an MSSQL database to find attack evidence and other details. Where should he look for the database logs?

    A. Model.log
    B. Model.txt
    C. Model.ldf
    D. Model.lgf

  • Question 703:

    One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document.

    What can an investigator examine to verify that a file has the correct extension?

    A. the File Allocation Table
    B. the file header
    C. the file footer
    D. the sector map

  • Question 704:

    What is the smallest physical storage unit on a hard drive?

    A. Track
    B. Cluster
    C. Sector
    D. Platter

  • Question 705:

    Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search:

      link:www.ghttech.net

    What will this search produce?

    A. All search engines that link to .net domains
    B. All sites that link to ghttech.net
    C. Sites that contain the code: link:www.ghttech.net
    D. All sites that ghttech.net links to

  • Question 706:

    How do you define Technical Steganography?

    A. Steganography that uses physical or chemical means to hide the existence of a message
    B. Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways
    C. Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways
    D. Steganography that utilizes visual symbols or signs to hide secret messages

  • Question 707:

    James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA. James needs to lawfully seize the evidence from an electronic device without affecting the user's anonymity. Which of the following laws should he comply with before retrieving the evidence?

    A. First Amendment of the U.S. Constitution
    B. Fourth Amendment of the U.S. Constitution
    C. Third Amendment of the U.S. Constitution
    D. Fifth Amendment of the U.S. Constitution

  • Question 708:

    Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?

    A. TestDisk for Windows
    B. R-Studio
    C. Windows Password Recovery Bootdisk
    D. Passware Kit Forensic

  • Question 709:

    Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

    A. Sector
    B. Metadata
    C. MFT
    D. Slack Space

  • Question 710:

    Which among the following acts has been passed by the U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations?

    A. Gramm-Leach Bliley act
    B. Federal Information Security Management act of 2002
    C. Health Insurance Probability and Accountability act of 1996
    D. Sarbanes-Oxley act of 2002
